< Home

enrollment-request signature message-digest-method

Function

The enrollment-request signature message-digest-method command configures the digest algorithm used to sign certificate enrollment requests.

The undo enrollment-request signature message-digest-method command restores the default digest algorithm used to sign certificate enrollment requests.

By default, the digest algorithm used to sign certificate enrollment requests is sha-256.

Format

enrollment-request signature message-digest-method { md5 | sha1 | sha-256 | sha-384 | sha-512 | sm3 }

undo enrollment-request signature message-digest-method

Parameters

Parameter Description Value

md5

Specifies the digest algorithm used to sign certificate enrollment requests to MD5.

This parameter is supported only when an RSA key pair is used to apply for a certificate.

-

sha1

Specifies the digest algorithm used to sign certificate enrollment requests to SHA1.

This parameter is supported only when an RSA key pair is used to apply for a certificate.

-

sha-256

Specifies the digest algorithm used to sign certificate enrollment requests to SHA2-256.

This parameter is supported only when an RSA key pair is used to apply for a certificate.

-

sha-384

Specifies the digest algorithm used to sign certificate enrollment requests to SHA2-384.

This parameter is supported only when an RSA key pair is used to apply for a certificate.

-

sha-512

Specifies the digest algorithm used to sign certificate enrollment requests to SHA2-512.

This parameter is supported only when an RSA key pair is used to apply for a certificate.

-

sm3

Specifies the digest algorithm used to sign certificate enrollment requests to SM3.

This parameter is supported only when an SM2 key pair is used to apply for a certificate.

-

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

In SCEP local certificate application mode, after a CA server receives a certificate enrollment request from a PKI entity, the CA server requests a signature for authentication, and generates a local certificate only after the authentication is successful.

For security purposes, the SHA2 algorithm is recommended, rather than MD5 and SHA1.

Example

# Set the digest algorithm used to sign certificate enrollment requests to sha-384.

<sysname> system-view
[sysname] pki realm e
[sysname-pki-realm-e] enrollment-request signature message-digest-method sha-384
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >